From ed09c5f82ed5ef4932f67af72551807e13a4412d Mon Sep 17 00:00:00 2001 From: terminaldweller Date: Thu, 7 Jul 2022 11:00:23 +0430 Subject: a lot of updates --- terminaldweller.com/prosody/config/prosody.cfg.lua | 142 ++++++++++----------- 1 file changed, 64 insertions(+), 78 deletions(-) (limited to 'terminaldweller.com/prosody') diff --git a/terminaldweller.com/prosody/config/prosody.cfg.lua b/terminaldweller.com/prosody/config/prosody.cfg.lua index d2c5e7d..ba67de7 100644 --- a/terminaldweller.com/prosody/config/prosody.cfg.lua +++ b/terminaldweller.com/prosody/config/prosody.cfg.lua @@ -12,7 +12,6 @@ daemonize = false; -- -- Good luck, and happy Jabbering! - ---------- Server-wide settings ---------- -- Settings in this section apply to the whole server and are the default settings -- for any virtual hosts @@ -25,70 +24,67 @@ admins = {"devi@chat.terminaldweller.com"} -- Enable use of libevent for better performance under high load -- For more information see: https://prosody.im/doc/libevent ---use_libevent = true +-- use_libevent = true -- Prosody will always look in its source directory for modules, but -- this option allows you to specify additional locations where Prosody -- will look for modules first. For community modules, see https://modules.prosody.im/ ---plugin_paths = {} +-- plugin_paths = {} -- This is the list of modules Prosody will load on startup. -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too. -- Documentation for bundled modules can be found at: https://prosody.im/doc/modules modules_enabled = { - -- Generally required - "roster"; -- Allow users to have a roster. Recommended ;) - "saslauth"; -- Authentication for clients and servers. Recommended if you want to log in. - "tls"; -- Add support for secure TLS on c2s/s2s connections - "dialback"; -- s2s dialback support - "disco"; -- Service discovery - - -- Not essential, but recommended - "carbons"; -- Keep multiple clients in sync - "pep"; -- Enables users to publish their avatar, mood, activity, playing music and more - "private"; -- Private XML storage (for room bookmarks, etc.) - "blocklist"; -- Allow users to block communications with other users - "vcard4"; -- User profiles (stored in PEP) - "vcard_legacy"; -- Conversion between legacy vCard and PEP Avatar, vcard - "limits"; -- Enable bandwidth limiting for XMPP connections - - -- Nice to have - "version"; -- Replies to server version requests - "uptime"; -- Report how long server has been running - "time"; -- Let others know the time here on this server - "ping"; -- Replies to XMPP pings with pongs - --"register"; -- Allow users to register on this server using a client and change passwords - --"mam"; -- Store messages in an archive and allow users to access it - --"csi_simple"; -- Simple Mobile optimizations - - -- Admin interfaces - "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands - --"admin_telnet"; -- Opens telnet console interface on localhost port 5582 - - -- HTTP modules - "bosh"; -- Enable BOSH clients, aka "Jabber over HTTP" - --"websocket"; -- XMPP over WebSockets - --"http_files"; -- Serve static files from a directory over HTTP - - -- Other specific functionality - --"groups"; -- Shared roster support - --"server_contact_info"; -- Publish contact information for this service - --"announce"; -- Send announcement to all online users - --"welcome"; -- Welcome users who register accounts - --"watchregistrations"; -- Alert admins of registrations - --"motd"; -- Send a message to users when they log in - --"legacyauth"; -- Legacy authentication. Only used by some old clients and bots. - --"proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use + -- Generally required + "roster", -- Allow users to have a roster. Recommended ;) + "saslauth", -- Authentication for clients and servers. Recommended if you want to log in. + "tls", -- Add support for secure TLS on c2s/s2s connections + "dialback", -- s2s dialback support + "disco", -- Service discovery + -- Not essential, but recommended + "carbons", -- Keep multiple clients in sync + "pep", -- Enables users to publish their avatar, mood, activity, playing music and more + "private", -- Private XML storage (for room bookmarks, etc.) + "blocklist", -- Allow users to block communications with other users + "vcard4", -- User profiles (stored in PEP) + "vcard_legacy", -- Conversion between legacy vCard and PEP Avatar, vcard + "limits", -- Enable bandwidth limiting for XMPP connections + -- Nice to have + "version", -- Replies to server version requests + "uptime", -- Report how long server has been running + "time", -- Let others know the time here on this server + "ping", -- Replies to XMPP pings with pongs + -- "register"; -- Allow users to register on this server using a client and change passwords + -- "mam"; -- Store messages in an archive and allow users to access it + -- "csi_simple"; -- Simple Mobile optimizations + -- Admin interfaces + "admin_adhoc", -- Allows administration via an XMPP client that supports ad-hoc commands + -- "admin_telnet"; -- Opens telnet console interface on localhost port 5582 + + -- HTTP modules + "bosh" -- Enable BOSH clients, aka "Jabber over HTTP" + -- "websocket"; -- XMPP over WebSockets + -- "http_files"; -- Serve static files from a directory over HTTP + + -- Other specific functionality + -- "groups"; -- Shared roster support + -- "server_contact_info"; -- Publish contact information for this service + -- "announce"; -- Send announcement to all online users + -- "welcome"; -- Welcome users who register accounts + -- "watchregistrations"; -- Alert admins of registrations + -- "motd"; -- Send a message to users when they log in + -- "legacyauth"; -- Legacy authentication. Only used by some old clients and bots. + -- "proxy65"; -- Enables a file transfer proxy service which clients behind NAT can use } -- These modules are auto-loaded, but should you want -- to disable them then uncomment them here: modules_disabled = { - -- "offline"; -- Store offline messages - -- "c2s"; -- Handle client connections - -- "s2s"; -- Handle server-to-server connections - -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. + -- "offline"; -- Store offline messages + "c2s" -- Handle client connections + -- "s2s"; -- Handle server-to-server connections + -- "posix"; -- POSIX functionality, sends server to background, enables syslog, etc. } -- Disable account creation by default, for security @@ -114,23 +110,16 @@ s2s_secure_auth = false -- certificates. They will be authenticated using DNS instead, even -- when s2s_secure_auth is enabled. ---s2s_insecure_domains = { "insecure.example" } +-- s2s_insecure_domains = { "insecure.example" } -- Even if you disable s2s_secure_auth, you can still require valid -- certificates for some domains by specifying a list here. ---s2s_secure_domains = { "jabber.org" } +-- s2s_secure_domains = { "jabber.org" } -- Enable rate limits for incoming client and server connections -limits = { - c2s = { - rate = "10kb/s"; - }; - s2sin = { - rate = "30kb/s"; - }; -} +limits = {c2s = {rate = "10kb/s"}, s2sin = {rate = "30kb/s"}} -- Required for init scripts and prosodyctl pidfile = "/var/run/prosody/prosody.pid" @@ -145,13 +134,12 @@ authentication = "internal_hashed" -- through modules. An "sql" backend is included by default, but requires -- additional dependencies. See https://prosody.im/doc/storage for more info. ---storage = "sql" -- Default is "internal" +-- storage = "sql" -- Default is "internal" -- For the "sql" backend, you can uncomment *one* of the below to configure: ---sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. ---sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } ---sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } - +-- sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename. +-- sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } +-- sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" } -- Archiving configuration -- If mod_mam is enabled, Prosody will store a copy of every message. This @@ -166,9 +154,7 @@ archive_expires_after = "1w" -- Remove archived messages after 1 week -- Logging configuration -- For advanced logging see https://prosody.im/doc/logging -log = { - {levels = {min = "info"}, to = "console"}; -} +log = {{levels = {min = "info"}, to = "console"}} -- Uncomment to enable statistics -- For more info see https://prosody.im/doc/statistics @@ -185,20 +171,20 @@ log = { certificates = "certs" -- HTTPS currently only supports a single certificate, specify it here: ---https_certificate = "/etc/prosody/certs/localhost.crt" +-- https_certificate = "/etc/prosody/certs/localhost.crt" ----------- Virtual hosts ----------- -- You need to add a VirtualHost entry for each domain you wish Prosody to serve. -- Settings under each VirtualHost entry apply *only* to that host. VirtualHost "chat.terminaldweller.com" - enabled = true - ssl = { - key = "/etc/letsencrypt/live/chat.terminaldweller.com/privkey.pem"; - certificate = "/etc/letsencrypt/live/chat.terminaldweller.com/fullchain.pem"; - } +enabled = true +ssl = { + key = "/etc/letsencrypt/live/chat.terminaldweller.com/privkey.pem", + certificate = "/etc/letsencrypt/live/chat.terminaldweller.com/fullchain.pem" +} ---VirtualHost "example.com" +-- VirtualHost "example.com" -- certificate = "/path/to/example.crt" ------ Components ------ @@ -208,9 +194,9 @@ VirtualHost "chat.terminaldweller.com" ---Set up a MUC (multi-user chat) room server on conference.example.com: Component "conference.chat.terminaldweller.com" "muc" - restrict_room_creationi = "admin" +restrict_room_creationi = "admin" --- Store MUC messages in an archive and allow users to access it ---modules_enabled = { "muc_mam" } +-- modules_enabled = { "muc_mam" } ---Set up an external component (default component port is 5347) -- @@ -218,5 +204,5 @@ Component "conference.chat.terminaldweller.com" "muc" -- transports to other networks like ICQ, MSN and Yahoo. For more info -- see: https://prosody.im/doc/components#adding_an_external_component -- ---Component "gateway.example.com" +-- Component "gateway.example.com" -- component_secret = "password" -- cgit v1.2.3